https://github.com/launchbynttdata/tf-aws-module_collection-ecs_appmesh_app
- Host: GitHub
- URL: https://github.com/launchbynttdata/tf-aws-module_collection-ecs_appmesh_app
- Owner: launchbynttdata
- License: apache-2.0
- Created: 2024-05-02T20:56:56.000Z (about 2 years ago)
- Default Branch: main
- Last Pushed: 2024-10-07T16:56:48.000Z (over 1 year ago)
- Last Synced: 2025-02-22T16:55:42.253Z (over 1 year ago)
- Topics: aws, infrastructure-as-code, platform-automation, reference, terraform
- Language: HCL
- Size: 308 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE
- Codeowners: CODEOWNERS
README
# tf-aws-module_collection-ecs_appmesh_app
[License: Apache 2.0](https://opensource.org/licenses/Apache-2.0)
[License: CC BY-NC-ND 4.0](https://creativecommons.org/licenses/by-nc-nd/4.0/)
## Overview
This Terraform module creates an ECS app (ECS service) with App Mesh enabled. The following resources are created:
- Virtual Node
- Virtual Service
- ECS Task Definition
- ECS Service
- Task Role and Task Exec role for ECS Task
- Security Group for ECS Service
- Private Cert for TLS in Virtual Node
- Virtual Gateway route (optional if ingress is needed)
- Service Discovery Service
### Dependencies
This module depends on the `ecs_appmesh_platform` and `ecs_appmesh_ingress` modules, which must be provisioned before this module can be provisioned.
## Usage
A sample variable file [tfvars](sample-tfvars/app_w_tls_enabled.tfvars) is provided to test this module. Follow the steps below to execute this module:
1. Update the tfvars file, manually entering values for all fields marked within `<>`, to make the variable file usable
2. Create a file `provider.tf` with the contents below
```
provider "aws" {
  profile = ""
  region  = ""
}
```
If using `SSO`, make sure you are logged in: `aws sso login --profile `
3. Make sure the terraform binary is installed on your local machine. Use the command `type terraform` to find the installation location. If you are using `asdf`, you can run `asdf install` and it will install the correct terraform version for you. `.tool-versions` contains all the dependencies.
4. Run `terraform` to provision infrastructure on AWS
```
# Initialize
terraform init
# Plan
terraform plan -var-file example.tfvars
# Apply (this creates the actual infrastructure)
terraform apply -var-file example.tfvars -auto-approve
```
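A constructed `example.tfvars` for the steps above, added here as an illustration; it is not the repository's `sample-tfvars/app_w_tls_enabled.tfvars`. Variable names come from the Inputs table, every value in `<>` is a placeholder, `LOG_LEVEL` and `DB_PASSWORD` are made-up names, and the map keys inside `ingress_with_sg` are assumed to follow the `terraform-aws-modules/security-group` convention.

```hcl
# example.tfvars: constructed for illustration, not the repository's sample file.
# Every value in <> is a placeholder; replace it before running terraform plan.

# Naming inputs (the defaults from the Inputs table, stated explicitly)
logical_product_family  = "launch"
logical_product_service = "backend"
class_env               = "dev"
region                  = "us-east-2"

# Existing infrastructure this module attaches to (see Dependencies)
vpc_id               = "<vpc_id>"
private_subnets      = ["<private_subnet_id_a>", "<private_subnet_id_b>"]
namespace_name       = "<cloudmap_namespace_name>"
namespace_id         = "<cloudmap_namespace_id>"
app_mesh_id          = "<app_mesh_name>"
virtual_gateway_name = "<virtual_gateway_name>"
ecs_cluster_arn      = "<ecs_cluster_arn>"

# TLS on the Virtual Node. tls_enforce defaults to true, while private_ca_arn
# defaults to "" and is required when TLS is enabled, so set both explicitly.
tls_enforce    = true
private_ca_arn = "<private_ca_arn>"

# Application container
app_image_tag         = "<image>:<tag>"
app_ports             = [8080] # changing this later means destroy and recreate (Known Issues)
app_health_check_path = "/health"

# Non-sensitive settings only: these values are stored in the task definition.
app_environment = {
  LOG_LEVEL = "info" # made-up variable name
}

# Sensitive values are passed as Secrets Manager ARNs instead.
app_secrets = {
  DB_PASSWORD = "<secrets_manager_secret_arn>" # made-up variable name
}

# Keep the task on private addresses (this is also the default).
assign_public_ip = false

# Only the virtual gateway may reach the app port.
# Assumption: the keys below follow the terraform-aws-modules/security-group
# convention for rules that reference a source security group.
ecs_security_group = {
  ingress_with_sg = [
    {
      from_port                = "8080"
      to_port                  = "8080"
      protocol                 = "tcp"
      source_security_group_id = "<virtual_gateway_security_group_id>"
    }
  ]
  # Egress is left open here; narrow it once the task's dependencies are known.
  egress_rules       = ["all-all"]
  egress_cidr_blocks = ["0.0.0.0/0"]
}

# Ingress through the virtual gateway, matched on a path prefix
create_gateway_route = true
match_path_prefix    = "/app1"
```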
## Known Issues
1. Creating `gateway routes` for multiple ports open in the ECS Task is not currently supported. A gateway route will be created for the first port only.
2. If the application port (`var.app_ports`) changes, the module must be destroyed and recreated, because updating the virtual node listener fails with an error that an existing gateway route is using the listener.
```shell
Error: updating App Mesh Virtual Node (c3599c26-dbee-41d6-81ca-21018ff9bba4): BadRequestException: 1 Virtual Node listener(s) cannot be removed because they are targeted by existing Gateway Routes through Virtual Service provider. Listing up to 5 PortMappings: [(Port: 8080, Protocol: HTTP)]
```
## Pre-Commit hooks
The [.pre-commit-config.yaml](.pre-commit-config.yaml) file defines certain `pre-commit` hooks that are relevant to terraform, golang and common linting tasks. There are no custom hooks added.
The `commitlint` hook enforces a specific commit message format. A commit message contains the following structural elements to communicate intent to the consumers of your commit messages:
- **fix**: a commit of the type `fix` patches a bug in your codebase (this correlates with PATCH in Semantic Versioning).
- **feat**: a commit of the type `feat` introduces a new feature to the codebase (this correlates with MINOR in Semantic Versioning).
- **BREAKING CHANGE**: a commit that has a footer `BREAKING CHANGE:`, or appends a `!` after the type/scope, introduces a breaking API change (correlating with MAJOR in Semantic Versioning). A BREAKING CHANGE can be part of commits of any type.
Footers other than `BREAKING CHANGE:` may be provided and follow a convention similar to git trailer format.
- **build**: a commit of the type `build` adds changes that affect the build system or external dependencies (example scopes: gulp, broccoli, npm)
- **chore**: a commit of the type `chore` adds changes that don't modify src or test files
- **ci**: a commit of the type `ci` adds changes to our CI configuration files and scripts (example scopes: Travis, Circle, BrowserStack, SauceLabs)
- **docs**: a commit of the type `docs` adds documentation only changes
- **perf**: a commit of the type `perf` adds code change that improves performance
- **refactor**: a commit of the type `refactor` adds code change that neither fixes a bug nor adds a feature
- **revert**: a commit of the type `revert` reverts a previous commit
- **style**: a commit of the type `style` adds code changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc)
- **test**: a commit of the type `test` adds missing tests or corrects existing tests
Base configuration used for this project is [commitlint-config-conventional (based on the Angular convention)](https://github.com/conventional-changelog/commitlint/tree/master/@commitlint/config-conventional#type-enum)
If you are a developer using vscode, [this](https://marketplace.visualstudio.com/items?itemName=joshbolduc.commitlint) plugin may be helpful.
`detect-secrets-hook` prevents new secrets from being introduced into the baseline. TODO: INSERT DOC LINK ABOUT HOOKS
In order for `pre-commit` hooks to work properly:
- You need to have the pre-commit package manager installed. [Here](https://pre-commit.com/#install) are the installation instructions.
- By default, `pre-commit` installs all the hooks when a commit message is added, except for the `commitlint` hook. The `commitlint` hook needs to be installed manually using the command below
```
pre-commit install --hook-type commit-msg
```
## To test the resource group module locally
1. For development/enhancements to this module locally, you'll need to install all of its components. This is controlled by the `configure` target in the project's [`Makefile`](./Makefile). Before you can run `configure`, familiarize yourself with the variables in the `Makefile` and ensure they're pointing to the right places.
```
make configure
```
This adds in several files and directories that are ignored by `git`. They expose many new Make targets.
2. The first target you care about is `env`. This is the common interface for setting up environment variables. The values of the environment variables are used to authenticate with the cloud provider from the local development workstation.
The `make configure` command downloads the `aws_env.sh` file to the local workstation. The developer needs to modify this file and replace the environment variable values with relevant values.
These environment variables are used by the `terratest` integration suite.
Then run this make target to set the environment variables on the developer workstation.
```
make env
```
3. The next target you care about is `check`.
**Pre-requisites**
Before running this target, ensure that the files listed below exist on the local workstation under the root directory of the git repository that contains the code for primitives/segments. Note that these files are `aws` specific. If the primitive/segment under development uses a cloud provider other than AWS, this section may not be relevant.
- A file named `provider.tf` with the contents below
```
provider "aws" {
  profile = ""
  region  = ""
}
```
- A file named `terraform.tfvars` which contains key-value pairs of the variables used.
Note that since these files are listed in `gitignore`, they will not be checked in to the primitive/segment's git repo.
After creating these files, run the tests associated with the primitive/segment with
```
make check
```
If the `make check` target is successful, the developer is good to commit the code to the primitive/segment's git repo.
The `make check` target
- runs `terraform commands` to `lint`, `validate` and `plan` terraform code.
- runs `conftests`. `conftests` make sure `policy` checks are successful.
- runs `terratest`. This is the integration test suite.
- runs `opa` tests
# Known Issues
Currently, `encrypt at transit` is not supported in terraform. There is an open issue for this logged with HashiCorp - https://github.com/hashicorp/terraform-provider-aws/pull/26987
## Requirements
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | ~> 1.0 |
| [aws](#requirement\_aws) | ~> 5.0 |
## Providers
No providers.
## Modules
| Name | Source | Version |
|------|--------|---------|
| [resource\_names](#module\_resource\_names) | terraform.registry.launch.nttdata.com/module_library/resource_name/launch | ~> 2.0 |
| [sds](#module\_sds) | terraform.registry.launch.nttdata.com/module_primitive/service_discovery_service/aws | ~> 1.0 |
| [private\_cert](#module\_private\_cert) | terraform.registry.launch.nttdata.com/module_primitive/acm_private_cert/aws | ~> 1.0 |
| [virtual\_router](#module\_virtual\_router) | terraform.registry.launch.nttdata.com/module_primitive/virtual_router/aws | ~> 1.0 |
| [virtual\_route](#module\_virtual\_route) | terraform.registry.launch.nttdata.com/module_primitive/appmesh_route/aws | ~> 1.0 |
| [virtual\_node](#module\_virtual\_node) | terraform.registry.launch.nttdata.com/module_primitive/virtual_node/aws | ~> 1.0 |
| [virtual\_service](#module\_virtual\_service) | terraform.registry.launch.nttdata.com/module_primitive/virtual_service/aws | ~> 1.0 |
| [gateway\_route](#module\_gateway\_route) | terraform.registry.launch.nttdata.com/module_primitive/appmesh_gateway_route/aws | ~> 1.0 |
| [ecs\_task\_execution\_policy](#module\_ecs\_task\_execution\_policy) | cloudposse/iam-policy/aws | ~> 0.4.0 |
| [ecs\_task\_policy](#module\_ecs\_task\_policy) | cloudposse/iam-policy/aws | ~> 0.4.0 |
| [container\_definitions](#module\_container\_definitions) | git::https://github.com/cloudposse/terraform-aws-ecs-container-definition.git | tags/0.59.0 |
| [sg\_ecs\_service](#module\_sg\_ecs\_service) | terraform-aws-modules/security-group/aws | ~> 4.17.1 |
| [app\_ecs\_service](#module\_app\_ecs\_service) | cloudposse/ecs-alb-service-task/aws | ~> 0.76.0 |
| [autoscaling\_target](#module\_autoscaling\_target) | terraform.registry.launch.nttdata.com/module_primitive/autoscaling_target/aws | ~> 1.0 |
| [autoscaling\_policies](#module\_autoscaling\_policies) | terraform.registry.launch.nttdata.com/module_primitive/autoscaling_policy/aws | ~> 1.0 |
## Resources
No resources.
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [logical\_product\_family](#input\_logical\_product\_family) | (Required) Name of the product family for which the resource is created.<br>Example: org\_name, department\_name. | `string` | `"launch"` | no |
| [logical\_product\_service](#input\_logical\_product\_service) | (Required) Name of the product service for which the resource is created.<br>For example, backend, frontend, middleware etc. | `string` | `"backend"` | no |
| [class\_env](#input\_class\_env) | (Required) Environment where resource is going to be deployed. For example: dev, qa, uat | `string` | `"dev"` | no |
| [instance\_env](#input\_instance\_env) | Number that represents the instance of the environment. | `number` | `0` | no |
| [instance\_resource](#input\_instance\_resource) | Number that represents the instance of the resource. | `number` | `0` | no |
| [region](#input\_region) | AWS Region in which the infra needs to be provisioned | `string` | `"us-east-2"` | no |
| [resource\_names\_map](#input\_resource\_names\_map) | A map of key to resource\_name that will be used by tf-launch-module\_library-resource\_name to generate resource names | <pre>map(object(<br>  {<br>    name       = string<br>    max_length = optional(number, 60)<br>  }<br>))</pre> | <pre>{<br>  "acm": {<br>    "max_length": 60,<br>    "name": "acm"<br>  },<br>  "app_ecs_sg": {<br>    "max_length": 60,<br>    "name": "appsg"<br>  },<br>  "ecs_app": {<br>    "max_length": 60,<br>    "name": "svc"<br>  },<br>  "ecs_td": {<br>    "max_length": 60,<br>    "name": "td"<br>  },<br>  "gateway_route": {<br>    "max_length": 60,<br>    "name": "gwroute"<br>  },<br>  "router_route": {<br>    "max_length": 60,<br>    "name": "vroute"<br>  },<br>  "service_discovery_service": {<br>    "max_length": 60,<br>    "name": "vsvc"<br>  },<br>  "task_exec_policy": {<br>    "max_length": 60,<br>    "name": "execplcy"<br>  },<br>  "task_exec_role": {<br>    "max_length": 60,<br>    "name": "execrole"<br>  },<br>  "task_policy": {<br>    "max_length": 60,<br>    "name": "taskplcy"<br>  },<br>  "task_role": {<br>    "max_length": 60,<br>    "name": "taskrole"<br>  },<br>  "virtual_node": {<br>    "max_length": 60,<br>    "name": "vnode"<br>  },<br>  "virtual_router": {<br>    "max_length": 60,<br>    "name": "vrouter"<br>  },<br>  "virtual_service": {<br>    "max_length": 60,<br>    "name": "vsvc"<br>  }<br>}</pre> | no |
| [vpc\_id](#input\_vpc\_id) | The VPC ID of the VPC where infrastructure will be provisioned | `string` | n/a | yes |
| [private\_subnets](#input\_private\_subnets) | List of private subnets | `list(string)` | n/a | yes |
| [namespace\_name](#input\_namespace\_name) | Namespace name of the CloudMap namespace which the Virtual Node references. | `string` | n/a | yes |
| [namespace\_id](#input\_namespace\_id) | ID of the CloudMap namespace in which SDS to be created. | `string` | n/a | yes |
| [app\_mesh\_id](#input\_app\_mesh\_id) | Id/Name of the App Mesh | `string` | n/a | yes |
| [virtual\_gateway\_name](#input\_virtual\_gateway\_name) | Name of the Virtual gateway in which gateway route will be created | `string` | n/a | yes |
| [private\_ca\_arn](#input\_private\_ca\_arn) | ARN of the Private CA. This is used to sign private certificates used in App Mesh. Required when TLS is enabled in App Mesh | `string` | `""` | no |
| [tls\_enforce](#input\_tls\_enforce) | Whether to enforce TLS in App Mesh Virtual Service/Node | `bool` | `true` | no |
| [enable\_virtual\_router](#input\_enable\_virtual\_router) | Whether to create a Virtual Router and route traffic to virtual Node via it | `bool` | `true` | no |
| [router\_retry\_policy](#input\_router\_retry\_policy) | Rules for retry policies to be applied to this route | <pre>object({<br>  http_retry_events = list(string)<br>  max_retries       = number<br>  per_entry_timeout = object({<br>    unit  = string<br>    value = number<br>  })<br>  tcp_retry_events = list(string)<br>})</pre> | `null` | no |
| [app\_ports](#input\_app\_ports) | The port(s) at which the application is running, used as listeners in Virtual Node. | `list(number)` | n/a | yes |
| [virtual\_node\_app\_health\_check\_path](#input\_virtual\_node\_app\_health\_check\_path) | Path in the app for Virtual Node to perform health check.<br>If empty, then no health check is configured on the Virtual Node<br>Note: Virtual node just logs the health check output to envoy proxy logs, but doesn't evict the unhealthy containers. | `string` | `"/"` | no |
| [idle\_duration](#input\_idle\_duration) | Idle duration for all the listeners | <pre>object({<br>  unit  = string<br>  value = number<br>})</pre> | `null` | no |
| [per\_request\_timeout](#input\_per\_request\_timeout) | Per Request timeout for all the listeners | <pre>object({<br>  unit  = string<br>  value = number<br>})</pre> | `null` | no |
| [print\_container\_json](#input\_print\_container\_json) | Print the container JSON object as output. Useful for debugging | `bool` | `false` | no |
| [ecs\_cluster\_arn](#input\_ecs\_cluster\_arn) | (Required) ARN of the ECS Fargate cluster in which the service is to be deployed | `string` | n/a | yes |
| [app\_image\_tag](#input\_app\_image\_tag) | (Required) The docker image of the application in the format : | `string` | n/a | yes |
| [app\_environment](#input\_app\_environment) | Environment variables to be injected into the application containers | `map(string)` | `{}` | no |
| [app\_secrets](#input\_app\_secrets) | Secrets to be injected into the application containers. Map of secret Manager ARNs | `map(string)` | `{}` | no |
| [autoscaling\_enabled](#input\_autoscaling\_enabled) | Flag to determine if auto scaling is enabled for the application | `bool` | `false` | no |
| [min\_capacity](#input\_min\_capacity) | Min capacity of the scalable target. | `number` | `1` | no |
| [max\_capacity](#input\_max\_capacity) | Max capacity of the scalable target. | `number` | `4` | no |
| [autoscaling\_policies](#input\_autoscaling\_policies) | A map of autoscaling policies to be created for this ECS Service<br>The `predefined_metric_type` must be ECSServiceAverageCPUUtilization or ECSServiceAverageMemoryUtilization<br>`target_value` is the threshold for the metric at which the auto-scaling will be triggered.<br>`scale_in_cooldown` and `scale_out_cooldown` respectively are amount of time, in seconds, after a scale in activity completes before another scale in activity can start. | <pre>map(object({<br>  predefined_metric_type = string<br>  target_value           = string<br>  scale_in_cooldown      = optional(string, 60)<br>  scale_out_cooldown     = optional(string, 60)<br>}))</pre> | `{}` | no |
| [app\_health\_check\_path](#input\_app\_health\_check\_path) | A path of the health endpoint inside the container for Container level health check. Example: `/health`.<br>The complete health check would be http://localhost:/health<br>By default, no health check is configured | `string` | `""` | no |
| [app\_health\_check\_options](#input\_app\_health\_check\_options) | Health Check options for the app container. Applicable only when the app\_health\_check\_path is configured | <pre>object({<br>  retries     = number<br>  timeout     = number<br>  interval    = number<br>  startPeriod = number<br>})</pre> | <pre>{<br>  "interval": 5,<br>  "retries": 3,<br>  "startPeriod": 300,<br>  "timeout": 2<br>}</pre> | no |
| [ecs\_security\_group](#input\_ecs\_security\_group) | Security group for the ECS application. Must allow the ingress from the virtual gateway on app port | <pre>object({<br>  ingress_rules            = optional(list(string))<br>  ingress_cidr_blocks      = optional(list(string))<br>  ingress_with_cidr_blocks = optional(list(map(string)))<br>  egress_rules             = optional(list(string))<br>  egress_cidr_blocks       = optional(list(string))<br>  egress_with_cidr_blocks  = optional(list(map(string)))<br>  ingress_with_sg          = optional(list(map(string)))<br>  egress_with_sg           = optional(list(map(string)))<br>})</pre> | `null` | no |
| [ecs\_exec\_role\_custom\_policy\_json](#input\_ecs\_exec\_role\_custom\_policy\_json) | Custom policy to attach to ecs task execution role. Document must be valid json. | `string` | `""` | no |
| [ecs\_role\_custom\_policy\_json](#input\_ecs\_role\_custom\_policy\_json) | Custom policy to attach to ecs task role. Document must be valid json. | `string` | `""` | no |
| [envoy\_proxy\_image](#input\_envoy\_proxy\_image) | Optional docker image of the envoy proxy in the format `:`<br>Default is `840364872350.dkr.ecr.us-east-2.amazonaws.com/aws-appmesh-envoy:v1.25.4.0-prod` | `string` | `""` | no |
| [ignore\_changes\_task\_definition](#input\_ignore\_changes\_task\_definition) | Lifecycle ignore policy for task definition. If true, terraform won't detect changes when task\_definition is changed outside of terraform | `bool` | `false` | no |
| [assign\_public\_ip](#input\_assign\_public\_ip) | If true, public IP will be assigned to this service task, else private IP | `bool` | `false` | no |
| [ignore\_changes\_desired\_count](#input\_ignore\_changes\_desired\_count) | Lifecycle ignore policy for desired\_count. If true, terraform won't detect changes when desired\_count is changed outside of terraform | `bool` | `false` | no |
| [task\_cpu](#input\_task\_cpu) | Amount of CPU to be allocated to the task | `number` | `512` | no |
| [task\_memory](#input\_task\_memory) | Amount of Memory to be allocated to the task | `number` | `1024` | no |
| [health\_check\_grace\_period\_seconds](#input\_health\_check\_grace\_period\_seconds) | Seconds to ignore failing load balancer health checks on newly instantiated tasks to prevent premature shutdown, up to 7200. Only valid for services configured to use load balancers | `number` | `0` | no |
| [deployment\_minimum\_healthy\_percent](#input\_deployment\_minimum\_healthy\_percent) | The lower limit (as a percentage of `desired_count`) of the number of tasks that must remain running and healthy in a service during a deployment | `number` | `100` | no |
| [deployment\_maximum\_percent](#input\_deployment\_maximum\_percent) | The upper limit of the number of tasks (as a percentage of `desired_count`) that can be running in a service during a deployment | `number` | `200` | no |
| [desired\_count](#input\_desired\_count) | The number of instances of the task definition to place and keep running | `number` | `1` | no |
| [deployment\_controller\_type](#input\_deployment\_controller\_type) | Type of deployment controller. Valid values are `CODE_DEPLOY` and `ECS` | `string` | `"ECS"` | no |
| [wait\_for\_steady\_state](#input\_wait\_for\_steady\_state) | If true, it will wait for the service to reach a steady state (like aws ecs wait services-stable) before continuing | `bool` | `false` | no |
| [redeploy\_on\_apply](#input\_redeploy\_on\_apply) | Redeploys the service every time a terraform apply is executed. force\_new\_deployment should also be true for this flag to work | `bool` | `false` | no |
| [force\_new\_deployment](#input\_force\_new\_deployment) | Enable to force a new task deployment of the service when terraform apply is executed. | `bool` | `false` | no |
| [create\_gateway\_route](#input\_create\_gateway\_route) | Whether to create an ingress Virtual Gateway route into the ECS application. Default is true<br>Ingress route can be created in two ways:<br>- Path matching: The incoming request is checked for a particular path prefix (example: `/app1`) and based on this, routed to the respective backend virtual service. If this routing is selected, var.match\_path\_prefix is mandatory<br>- Hostname matching: The incoming request is checked for a particular HostName header (example: `app1.demo.com`) and based on this, routed to the respective backend virtual service. If this routing is selected, either var.match\_hostname\_exact or var.match\_hostname\_regex is mandatory | `bool` | `true` | no |
| [match\_path\_prefix](#input\_match\_path\_prefix) | Gateway route match path prefix. Default is `/`. Conflicts with var.match\_path\_exact and var.match\_path\_regex<br>This is the path prefix to match the incoming request in the ingress url. For example, if the match\_path\_prefix = /test/, then the request /test/a/b/test.html will be forwarded to the backend as /a/b/test.html | `string` | `"/"` | no |
| [rewrite\_prefix](#input\_rewrite\_prefix) | Rewrite the prefix before sending the request to the backend. The supplied prefix will be prepended<br>For example if the rewrite\_prefix = /test/, then the request /a/b/test.html will be forwarded to the backend as /test/a/b/test.html | `string` | `""` | no |
| [match\_hostname\_exact](#input\_match\_hostname\_exact) | Gateway route match exact hostname. Conflicts with var.match\_hostname\_suffix | `string` | `null` | no |
| [match\_hostname\_suffix](#input\_match\_hostname\_suffix) | Gateway route match hostname suffix. Specified ending characters of the host name to match on.<br>Conflicts with var.match\_hostname\_exact<br>Example: `*.abc.com` | `string` | `null` | no |
| [tags](#input\_tags) | Map of tags to be associated with the resources | `map(string)` | `{}` | no |
| [opentelemetry\_config\_file\_contents](#input\_opentelemetry\_config\_file\_contents) | OpenTelemetry Configuration file contents | `string` | `""` | no |
| [app\_mounts](#input\_app\_mounts) | Mount points for the application container | <pre>list(object({<br>  containerPath = string<br>  readOnly      = optional(bool, false)<br>  sourceVolume  = string<br>}))</pre> | `[]` | no |
| [bind\_mount\_volumes](#input\_bind\_mount\_volumes) | Extra bind mount volumes to be created for this task | `list(object({ name = string }))` | `[]` | no |
| [extra\_containers](#input\_extra\_containers) | Specifications for containers to be launched in ECS for this task alongside the main app and envoy proxy containers | <pre>list(object({<br>  name                     = string<br>  image_tag                = string<br>  command                  = optional(list(string), [])<br>  essential                = optional(bool, false)<br>  cpu                      = optional(number, 0)<br>  memory                   = optional(number, null)<br>  memory_reservation       = optional(number, null)<br>  readonly_root_filesystem = optional(bool, false)<br>  environment              = optional(map(string), null)<br>  secrets                  = optional(map(string), null)<br>  mount_points = optional(list(object({<br>    containerPath = optional(string)<br>    readOnly      = optional(bool, false)<br>    sourceVolume  = optional(string)<br>  })), [])<br>  port_mappings = optional(list(object({<br>    containerPort = number<br>    hostPort      = optional(number)<br>    protocol      = optional(string, "tcp")<br>  })), [])<br>  healthcheck = optional(object({<br>    retries     = number<br>    command     = list(string)<br>    timeout     = number<br>    interval    = number<br>    startPeriod = number<br>  }), null)<br>  user = optional(string, null)<br>  depends_on = optional(list(object({<br>    containerName = string<br>    condition     = string<br>  })), [])<br>  log_configuration = optional(object({<br>    logDriver = optional(string, "awslogs")<br>    options = object({<br>      awslogs-group         = string<br>      awslogs-region        = string<br>      awslogs-create-group  = optional(string, "true")<br>      awslogs-stream-prefix = string<br>    })<br>  }), null)<br>}))</pre> | `[]` | no |
| [app\_depends\_on\_extra](#input\_app\_depends\_on\_extra) | Extra containers on which the main app should depend in order to start | <pre>list(object({<br>  containerName = string<br>  condition     = string<br>}))</pre> | `[]` | no |
## Outputs
| Name | Description |
|------|-------------|
| [resource\_names](#output\_resource\_names) | A map of resource\_name\_types to generated resource names used in this module |
| [ecs\_sg\_id](#output\_ecs\_sg\_id) | The ID of the ECS Security Group |
| [virtual\_node\_id](#output\_virtual\_node\_id) | ID of the Virtual Node created for the application |
| [virtual\_service\_id](#output\_virtual\_service\_id) | ID of the Virtual Service created for the application |
| [virtual\_node\_arn](#output\_virtual\_node\_arn) | ARN of the Virtual Node created for the application |
| [virtual\_service\_arn](#output\_virtual\_service\_arn) | ARN of the Virtual Service created for the application |
| [task\_definition\_name](#output\_task\_definition\_name) | Task Definition family of the ECS App |
| [task\_definition\_version](#output\_task\_definition\_version) | Task Definition revision of the ECS App |
| [task\_role\_arn](#output\_task\_role\_arn) | Task Exec role ARN of the ECS App |
| [task\_exec\_role\_arn](#output\_task\_exec\_role\_arn) | Task role ARN of the ECS App |
| [virtual\_gateway\_route\_arn](#output\_virtual\_gateway\_route\_arn) | ARN of the Virtual Gateway route for the application |
| [virtual\_gateway\_route\_id](#output\_virtual\_gateway\_route\_id) | ID of the Virtual Gateway route for the application |
| [virtual\_router\_id](#output\_virtual\_router\_id) | ID of the Virtual Router (if enabled) |
| [virtual\_router\_arn](#output\_virtual\_router\_arn) | ARN of the Virtual Router (if enabled) |
| [virtual\_router\_name](#output\_virtual\_router\_name) | Name of the Virtual Router (if enabled) |
| [virtual\_router\_route\_arn](#output\_virtual\_router\_route\_arn) | ARN of the Virtual Router route (if enabled) |
| [virtual\_router\_route\_id](#output\_virtual\_router\_route\_id) | ID of the Virtual Router route (if enabled) |
| [container\_json](#output\_container\_json) | Container json for the ECS Task Definition |